General

  • Target

    cf99e04344dbff1e4c803eb337ea95c1793a9de903f888bb6de2c03c22cc8531

  • Size

    453KB

  • Sample

    241104-zjkvtazkbk

  • MD5

    6791778d10064ab0e77363dd8157a7f4

  • SHA1

    a8a30fcad83acc942d560b583268702f2eddbef1

  • SHA256

    cf99e04344dbff1e4c803eb337ea95c1793a9de903f888bb6de2c03c22cc8531

  • SHA512

    6bf095e8e29f5fbbc168f005902d5a42519660c0271b01fc8a385570246e86c2368cbd48640b1b3a56abaebba9e4527e1c9b6bdb08209079d390d5f247ee1a13

  • SSDEEP

    6144:MRzY0UUx+06LL4OZCY0fHlYESXVc6Y7Kms5120TuExwwOGgADEKcUU4ZoHuuvW:MRzYmmyHlYpX26Y2ry0TuSOGgSE2cRW

Malware Config

Extracted

Family

redline

Botnet

redko

C2

62.204.41.170:4179

Attributes

  • auth_value

    9bcf7b0620ff067017d66b9a5d80b547

Targets

    • Target

      1ce750a2b863c4863b648ed0b3d0d90e87652d935e0616333d4c94e8d98143da.exe

    • Size

      601KB

    • MD5

      ea76a7437b2b5a9390a5c0b53966085e

    • SHA1

      b755ffc6e3027d444de4cbd18361e360a3820232

    • SHA256

      1ce750a2b863c4863b648ed0b3d0d90e87652d935e0616333d4c94e8d98143da

    • SHA512

      18891d6be766e2a0af36e82eaebe8bfcdb233b23ba8226305b2f05161e45bd864789e821cea8899dfa56d4b715b60924b43126b09ca8dc98c67ce0328c40938b

    • SSDEEP

      12288:goO8y8MS4ltkRc7h9fIcLHhvz1wAr57N63zt5uw39mORigrWh:gPcdR2IctvRwC572tmcrW

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks